Skip to content

Commit b154b6b

Browse files
zimegzimeg
committed
fix: check for absolute url prefixes with separate protocol strings
1 parent 92acdd4 commit b154b6b

2 files changed

Lines changed: 10 additions & 3 deletions

File tree

packages/web-api/src/WebClient.spec.ts

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -780,13 +780,19 @@ describe('WebClient', () => {
780780
await client.apiCall('method');
781781
});
782782

783-
it('should send requests to an absolute URL', async () => {
783+
it('should send requests to an absolute URL as default', async () => {
784784
nock('http://12.34.56.78/').post('/api/method').reply(200, { ok: true });
785785
const client = new WebClient(token);
786786
await client.apiCall('http://12.34.56.78/api/method');
787787
});
788788

789-
it('should send requests to the default URL', async () => {
789+
it('should send requests to the absolute URL if absolute is allowed', async () => {
790+
nock('https://example.com/').post('/api/method').reply(200, { ok: true });
791+
const client = new WebClient(token, { allowAbsoluteUrls: true });
792+
await client.apiCall('https://example.com/api/method');
793+
});
794+
795+
it('should send requests to the default URL if absolute not allowed', async () => {
790796
nock('https://slack.com/').post('/api/https://example.com/api/method').reply(200, { ok: true });
791797
const client = new WebClient(token, { allowAbsoluteUrls: false });
792798
await client.apiCall('https://example.com/api/method');

packages/web-api/src/WebClient.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -744,7 +744,8 @@ export class WebClient extends Methods {
744744
* @param url - The resource to POST to. Either a Slack API method or absolute URL.
745745
*/
746746
private deriveRequestUrl(url: string): string {
747-
if (url.startsWith('https' || 'http') && this.allowAbsoluteUrls) {
747+
const isAbsoluteURL = url.startsWith('https://') || url.startsWith('http://');
748+
if (isAbsoluteURL && this.allowAbsoluteUrls) {
748749
return url;
749750
}
750751
return `${this.axios.getUri() + url}`;

0 commit comments

Comments
 (0)